package com.king.framework.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.king.common.enums.HttpMethod;
import com.king.common.utils.text.StringUtils;

/**
 * 防止XSS攻击的过滤器
 * 
 * @author king
 */
public class XssFilter implements Filter {
	/**
	 * 排除链接
	 */
	public List<String> excludes = new ArrayList<>();

	@Override
	public void init(FilterConfig filterConfig) throws ServletException {
		String tempExcludes = filterConfig.getInitParameter("excludes");
		if (StringUtils.isNotEmpty(tempExcludes)) {
			String[] url = tempExcludes.split(",");
			for (int i = 0; url != null && i < url.length; i++) {
				excludes.add(url[i]);
			}
		}
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse resp = (HttpServletResponse) response;
		if (handleExcludeURL(req, resp)) {
			chain.doFilter(request, response);
			return;
		}
		XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
		chain.doFilter(xssRequest, response);
	}

	private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response) {
		String url = request.getServletPath();
		String method = request.getMethod();
		// GET DELETE 不过滤
		if (method == null || HttpMethod.GET.matches(method) || HttpMethod.DELETE.matches(method)) {
			return true;
		}
		return StringUtils.matches(url, excludes);
	}

	@Override
	public void destroy() {

	}
}